
SANS ISC: InfoSec Handlers Diary Blog



tshark 2.4 New Feature - Command Line Export Objects

Published: 2017-08-18
Last Updated: 2017-08-19 19:20:13 UTC
by Guy Bruneau (Version: 1)

There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has a new feature that is quite useful and that I have been waiting to use for a while. In case you missed it, tshark now has the ability to Export Objects. I have tested the export using large pcap files with multiple objects, and tshark does a good job "dumping" all the files into the specified directory (i.e. destdir).

To extract HTTP or SMB objects from the command line, run one of the following commands:

tshark -nr file.pcap --export-objects http,destdir
tshark -nr file.pcap --export-objects smb,destdir
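
A follow-on step, as an added example that is not part of the original diary or of Wireshark: the exported files and their names come straight from the capture, so this exports into a fresh directory and then lists each file's SHA-256, size, and whether it begins with the PE "MZ" magic bytes. The function names export_objects and triage_objects and the manifest layout are assumptions of this example; sha256sum, dd and od are assumed to be installed.

```shell
#!/bin/sh
# Added example: function names and manifest layout are assumptions,
# not part of tshark or of the diary.

# export_objects PCAP PROTO OUTDIR
# Runs the diary's command (plus -q to suppress the per-packet listing).
# Refuses to reuse an existing path, so extracted files never overwrite
# or mix with anything already on disk.
export_objects() {
    pcap=$1 proto=$2 outdir=$3
    if [ -e "$outdir" ]; then
        echo "refusing to export into existing path: $outdir" >&2
        return 1
    fi
    mkdir -p "$outdir" || return 1
    tshark -nr "$pcap" -q --export-objects "$proto,$outdir"
}

# triage_objects DIR
# Prints one tab-separated line per file: sha256, size, type flag, name.
# The flag is "PE" when the file starts with the MZ magic bytes (4d 5a),
# whatever its extension says; otherwise "-".
triage_objects() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        hash=$(sha256sum < "$f" | cut -d' ' -f1)
        size=$(($(wc -c < "$f")))
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
        flag=-
        [ "$magic" = "4d5a" ] && flag=PE
        printf '%s\t%s\t%s\t%s\n' "$hash" "$size" "$flag" "${f##*/}"
    done
}

# Usage (file.pcap and destdir as in the diary):
#   export_objects file.pcap http destdir && triage_objects destdir
```

The manifest only reads the extracted files; none of them is opened by an application or executed.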


[1] https://www.wireshark.org/#download

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
